Thanks, Leo, for providing this, and the translation into English. At 7:45 PM 1/9/96, Leo Van Hove wrote:
I looked up the law mentioned in the newspaper article and it goes like this (non french speaking cypherpunks, please see comments below <grin>): ...
Art. 202 stipulates that Belgacom (= Belgium's leading telephone company) and other telecom companies have to cooperate with law enforcement when it wants to tap telephone lines - no, sorry, make that telecom lines (!). Note that tapping is only allowed under certain circumstances stipulated in the so-called Privacy Law (see also my previous posting to this list).
This is almost exactly the same provision that Digital Telephony established in the U.S., namely, that switch providers (phone companies, loosely speaking, but possibly more, including packet switches....). More on this in a moment.
Art. 203 is the most important as far as key escrow is concerned. It completes Art. 95 of the 1991 Law which stipulated 4 conditions in which telecom equipment may be seized. These initial conditions are rather harmless (equipment does no longer conform to the initial specifications, it hinders public broadcasts, presents health risks for the users,...). Art. 203 adds a 5th and stingy one: equipment that makes tapping impossible may be disconnected from the network and seized ... On the face of it - I'm not a lawyer, so don't pin me down on this - this means no crypto (or ^^^^^^^^^^^^^^^^^^^^^^^^ only with key escrow) ... ^^^^^^^^^^^^^^^^^^^^^
I think this ties in closely with the European meetings on key escrow (recall that our earliest indications of a move to get "software key escrow" came from the Karlsruhe meeting in the spring of 1994, and various international forums on key escrow began soon thereafter). This fits with several trends I and others here have discussed: * getting corporations to do as much of the enforcment work as possible. * using the civil forfeiture and penalty provisions to terrify the corporations, ISPs, switch providers, etc., to cooperate (I referred to this as "deputizing" the corporations as soldiers in the government's wars). * having Europe launch the crackdowns, then pleading that the U.S. must "conform" to international treaties and law enforcement agreements. (Some have argued that the Bavarian version of Exon was a step in this direction....) So, we need to be alert for the following scenario: 1. Telephone companies, telecom providers, ISPs, etc., must conform to the Digital Telephony wiretapping provisions, or variants thereof (not just the language of Digital Telephony, but also language in pending and future bills). 1a. If Exon passes, ISPs may also have to verify ages of users. This would necessitate a form of "Internet ID card," with all that this implies for the use of cryptography, anonymity, etc. 2. European companies (private, and PTTs) set the precedent. 3. An exception is made for key escrow. That is, one of the companies in #1 can be held harmless if it has taken major steps to ensure that users are not using encryption that is not properly escrowed. That is, they can escape the Title 18 fines and seizure of their equipment if they "cooperate" with "valid investigations." 4. A few prosecutions will likely have to made, just to make sure the message is properly received. (Like the two-by-four over the head I mentioned in my last message.) 5. A panic sets in. Just as CompuServe dumped 200 newsgroups on the whiff that a prosecution and seizure might happen, many ISPs will ignorantly send out warnings to users that all encrypted messages must use GAK. (To be sure, not all will. Some will ignore the warnings, some will contemptuously flout the law, etc.) 6. The government gets a large fraction of messages into a GAK format. Once again, corporations and ISPs become the deputies. (Note: Sure, superencryption still works, and no GAK system will be universally successful. Maybe not even successful in a majority of cases. But probably enough to cripple large-scale usage and, especially, commercial payment usage. This may be enough for the IRS, FinCen, etc.) We really need to be looking to what the nations of Europe are doing (as we have been of course, as the crypto laws of Europe have always been interesting to us, even if the machinations of the U.S. get most of the attention, for obvious reasons). --Tim May We got computers, we're tapping phone lines, we know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^756839 - 1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway."